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Abstract  —  We  consider  the  problem  of  securing  multicast 
communications  in  an  energy-constrained  ad-hoc  network  envi¬ 
ronment.  We  show  that  existing  efficient  key  distribution  tech¬ 
niques  for  wired  networks  that  rely  on  logical  hierarchies  are  ex¬ 
tremely  energy  inefficient  for  energy-constrained  wireless  ad-hoc 
networks.  We  also  show  that  the  joint  consideration  of  routing  and 
physical  layer  algorithms  is  critical  for  developing  energy-efficient 
key  distribution.  We  then  formulate  the  correct  problem  and  show 
that  solution  is  hard  to  compute.  We  present  a  greedy,  routing- 
aware  key-distribution  algorithm  that  is  easy  to  compute  . 

I.  Introduction 

Multicast  communications  model  reduces  the  sender  as  well 
as  the  network  management  overhead  when  identical  data  has  to 
be  sent  to  a  group  of  receivers.  Many  applications  that  make  use 
of  single-sender-multiple-receiver  communication  model  can 
benefit  from  multicast  mode.  In  order  to  ensure  that  only  the 
valid  members  have  access  to  the  communication  channel,  the 
multicast  communication  is  secured  using  cryptography  [1].  The 
use  of  symmetric  key  cryptography  allows  the  sender  to  perform 
one  encryption  and  every  user  to  perform  one  decryption  per 
message,  thus  reducing  the  computational  overhead.  However, 
use  of  single  key  requires  that  the  encrypting  key  is  updated  each 
time  a  group  member  joins  or  leaves  to  ensure  the  forward  as 
well  as  backward  traffic  protection.  Since  every  member  holds 
the  data  encryption  key,  when  a  member  leaves  the  group,  a  se¬ 
cure  channel  to  reach  the  remaining  valid  members  to  update  the 
data  encryption  key  is  required.  Hence,  the  group  has  to  have 
additional  keys  called  Key  Encrypting  Keys  (KEK)  [1]. 

The  key  management  problem  is  to  ensure  that  only  the 
valid  members  have  the  keys  at  any  time.  Developing  efficient 
algorithms  to  allocate  KEK  to  members  is  the  key  distribution 
problem.  In  case  of  wired  networks,  the  rooted  tree  based  hierar¬ 
chical  key  distribution  schemes  are  known  to  be  optimal  [1,4].  In 
[2],  these  results  were  directly  used  for  energy-constrained  sen¬ 
sor  networks.  However,  as  we  show  in  this  paper,  such  models 
are  not  energy-efficient.  We  present  the  formulation  and  results 
below. 

II.  Wireless  Ad-Hoc  Network  Environment 

We  assume  that  omni-directional  antennas  are  used  for 
transmission  and  reception  of  the  signal.  The  required  power 
for  reaching  a  receiver  at  a  distance  d  is  proportional  to  the  y* 
power  of  that  distance  with  2  <  y  <  4  .  Assuming  the  proportion¬ 
ality  constant  to  be  one,  we  have  Pd=dK 

We  now  demonstrate  how  transmission  power  (a  quantity 
defined  in  the  physical  layer),  affects  the  way  the  routing  proce¬ 
dure  is  realized  at  the  network  layer.  The  wireless  nature  of  the 
medium  along  with  the  omni-directional  antennas,  offer  the 


unique  characteristic  of  the  broadcast  advantage  [3].  In 
figure  1(a),  sender  S  transmits  a  message  to  node  Mi,  lo¬ 
cated  at  the  boundary  of  the  sphere.  All  nodes  that  he  within 
the  sphere  of  radius  \SMi\  receive  the  message  for  “free”. 

We  now  show  the  impact  of  this  physical  layer  prop¬ 
erty  on  the  routing  decision.  In  figure  1(b),  assume  that 
d2>di  and  that  the  sender  S  needs  to  transmit  an  identical 
message  to  nodes  Mi  and  M2.  Simple  strategy  would  be  to 
use  unicast  transmissions  requiring  a  total  energy  expendi¬ 
ture  of  (d/+d2).  However,  broadcast  nature  of  the  wireless 
medium  can  reduce  this  expenditure  as  shown  below. 


Fig.  1 .  (a)  Broadcast  Advantage  for  members  Mj-Mj.  (b)  S  transmits  an 
identical  message  to  both  receivers 

The  sender  can  choose  between  one  of  the  two  following 
strategies:  (a)  transmit  to  My  and  let  My  relay  the  message  to 
M2,  (b)  transmit  to  M2  and  let  My  receive  the  message  for 
free,  since  d2>di  (due  to  broadcast).  This  leads  to  the  fol¬ 
lowing  rule:  if  d2>(di'+di2)  then  the  sender  chooses  the 
strategy  (a),  otherwise  strategy  (b)  is  preferred. 

III.  Impact  Of  Physical  And  Network  Layer  On  The 

Efficiency  Of  The  Key  Distribution  Schemes 

We  now  demonstrate  the  need  for  routing-aware  key 
distribution.  In  figure  2,  we  represent  a  wireless  network  of 
7  nodes,  with  one  of  them  being  the  sender  denoted  GC,  and 
two  intermediate  nodes  R  i,  R2  relaying  traffic  to  four  receiv¬ 
ing  nodes  M1-M4,  which  form  a  multicast  group.  The  energy 
required  for  sending  a  message  from  the  GC  to  the  two  relay 
nodes  is  set  to  one  unit  and  the  energy  required  for  sending 
a  message  from  the  relay  nodes  to  the  receiving  nodes  is 
also  set  to  one  unit.  Hence,  the  GC  need  only  to  perform  one 
broadcast  to  reach  Ri,  R2  and,  relay  nodes  Ri,  R2  each  need 
perform  one  broadcast  to  reach  {My,  M2}  and  {M?,  M4}  re¬ 
spectively. 

Figure  3  presents  two  different  key  distribution  strate¬ 
gies  for  the  multicast  group  in  figure  2.  The  one  in  figure 
3(a)  is  built  according  to  the  available  routing  information, 
while  the  one  in  3(b)  is  a  result  of  a  random  placement  of 
the  members  into  the  leaves  of  the  tree.  As  a  quick  refresher 
[2],  a  member  is  assigned  keys  that  are  along  the  path  traced 
from  the  leaf  node  to  the  root.  For  example.  My  is  assigned 
keys  {Kg,  Ki  j,  K21}.  All  the  nodes  share  the  key  Vo. 
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Fig.  2.  Routing  tree  of  an  energy  constrained  wireless  network  Fig.  3.  (a)  A  hier¬ 
archical  tree  based  key  distribution  scheme  based  on  routing,  (b)  A  logical  hier¬ 
archical  tree  based  key  distribution  scheme. 


Let’s  assume  that  keyi^o  has  been  compromised  and  needs  to 
be  replaced  by  the  new  key  Kg  For  scheme  in  figure  3(a),  the 
GC  generates  encrypted  messages  {Kq  ^  and  {Kq  ^  and 

transmits  them  to  relay  nodes  R i  and  R2  respectively.  Node  R 1 
performs  one  transmission  to  Mj,  M2  and  R2  performs  one 
transmission  to  Mg,  M4.  The  total  energy  expenditure  is  four  en¬ 
ergy  units.  For  scheme  in  figure  3(b),  the  GC  transmits  two  mes¬ 
sages  to  both  Ri,  R2.  Both  Rj  and  R2  need  to  transmit  twice  to 
reach  nodes  My,  Mg  and  M2,  M4,  since  nodes  that  share  common 
keys  cannot  be  reached  with  a  single  transmission.  The  scheme 
in  figure  3(b)  requires  8  energy  units.  Hence,  for  this  example, 
joint  consideration  of  the  network  and  physical  layer  informa¬ 
tion  in  the  realization  of  the  key  distribution  scheme  leads  to 
energy  savings  of  50%..  In  larger  networks  with  variable  dis¬ 
tances  between  nodes  the  energy  savings  can  be  even  more  sig¬ 
nificant.  Hence,  the  secure  broadcast  in  energy-constrained 
wireless  networks  needs  to  be  routing-aware. 

IV.  Routing-Aware  Key  Distribution  Scheme 

We  showed  that  the  joint  consideration  of  layer  2  and  3  is 
important  in  designing  secure  broadcast  in  ad-hoc  networks.  In 
this  section  we  present  a  systematic  approach  based  on  the  rout¬ 
ing  procedure  for  constructing  an  energy  efficient  key  distribu¬ 
tion  tree.  We  make  use  of  the  routing  information  and  try  to  de¬ 
sign  an  energy-efficient  key  distribution  scheme  for  secure 
broadcast. 

We  define  the  following  quantities: 

—  N :  multicast  group  size 

—  T :  key  distribution  tree 

—  bf  energy  required  to  reach  a  set  of  members  (this  set 

or  cluster  is  denoted  by  k)  according  to  the  established  rout¬ 
ing  tree  (broadcasting  to  those  members)  at  level  m  of  the 
tree  T. 

—  ' Total  energy  required  to  update  all  at  level 
m  of  the  tree  T. 

—  Etotal(T)  :  Total  energy  required  for  updating  all  keys  of  the 
tree  T. 

Without  loss  of  generality  (more  for  clarity),  we  try  to  con- 
stract  a  binary  tree  with  N  leafs.  Extension  to  a  d-ary  tree  is 
straightforward.  The  depth  of  the  binary  tree  is  equal  to 
h  =  |'log2  v].  At  level  m  of  the  key  distribution  tree,  the  total 
energy  required  for  updating  all  keys  is  given  by: 

ETOTAL..iT)=ib:{T)  (1) 

The  total  levels  are  equal  to  (h-1)  since  leaf  keys  do  not  need 
to  be  updated.  The  total  energy  required  for  updating  keys  at  all 
levels  is 


EtOTAL^E)  Z  (^)  ^  (E)  (2) 

m=0  m=0k=\ 

Given  N  nodes,  we  impose  a  balanced  tree  structure  to 
allow  the  efficient  delivery  of  data  to  subgroups  of  the 
global  multicast  communication  group.  The  equivalent  op¬ 
timization  problem  is 

/  =argmin  I  |:b;(7’)  (3) 

T  m=0k=\ 

where  T  is  the  optimum  tree  structure  that  minimizes  the 
energy  required  for  a  re-key  operation.  It  can  be  shown  that 
the  search  space  of  such  trees  grows  exponentially  with 
group  size.  Hence,  a  heuristic  solution  is  needed.  We  pro¬ 
pose  a  sub-optimal  greedy  method  for  finding  an  energy 
efficient  key  tree.  We  do  this  by  choosing  the  cluster  that 
requires  the  smallest  amount  of  energy  for  key  update.  The 
clusters  that  are  created  at  every  level  are  fixed  and  act  as  a 
constraint  to  the  upper  level  cluster  formation. 


Greedy  Routing-Aware  Key  Distribution  Algorithm 

Level  h-1 :  At  the  leaf  level,  each  cluster  consists  of  two 
members.  Using  the  available  routing  information  we 
compute  the  required  energy  for  updating  all  N(N-l)/2 
possible  clusters  of  two  members.  We  greedily  pick  N/2 
clusters.  Our  greedy  algorithm  consists  of  three  steps: 
(1)  arrange  all  pairs  in  ascending  order  of  energy  ex¬ 
penditure,  (2)  pick  the  cluster  with  smallest  energy,  (3) 
erase  all  clusters  containing  a  node  that  was  already  se¬ 
lected,  for  the  remaining  clusters,  repeat  steps  (2)  and 
(3)  till  all  members  are  selected. 


Arbitrary  level  m  (m=h-l ;m>=l ;m~)\  The  clusters 
formed  at  level  (m-l-1)  are  treated  as  single  nodes  (or 
leafs)  for  the  formation  of  clusters  at  level  m.  The 
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V.  Conclusion 

We  showed  that  the  secure  broadcast  in  ad-hoc  net¬ 
works  needs  to  jointly  consider  the  physical  and  network 
layer  algorithms  to  be  energy-efficient.  In  particular,  we 
showed  that  the  results  [1]  do  not  generalize  to  ad-hoc  net¬ 
works.  Recent  past  work  had  implied  this  generalization  was 
feasible  [2].  We  also  presented  a  routing-aware  formulation 
and  a  greedy  solution  to  it. 
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